This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | .NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| GitHub | Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability |
| GitHub | Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability |
| Microsoft | Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability |
| Microsoft | Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability |
| Microsoft | Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability |
| Microsoft | Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability |
| Microsoft | Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| Microsoft | GroupMe | CVE-2024-38176 | GroupMe Elevation of Privilege Vulnerability |
| Microsoft | GroupMe | CVE-2024-38164 | GroupMe Elevation of Privilege Vulnerability |
| Intel | Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers |
| Microsoft | Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability |
| cve-coordination@google.com | Mariner | CVE-2023-2976 | Unknown |
| cve-coordination@google.com | Mariner | CVE-2023-6817 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2023-52802 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26978 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26933 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36481 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38664 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32487 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-41862 | Unknown |
| security-officer@isc.org | Mariner | CVE-2022-2928 | Unknown |
| security@huntr.dev | Mariner | CVE-2023-5535 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-37535 | Unknown |
| security-officer@isc.org | Mariner | CVE-2022-2929 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-26984 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31744 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-5363 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-6237 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2024-4603 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-42282 | Unknown |
| security@apache.org | Mariner | CVE-2024-38472 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-15371 | Unknown |
| cve@mitre.org | Mariner | CVE-2021-43565 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31584 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-6121 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32616 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-33874 | Unknown |
| security@apache.org | Mariner | CVE-2024-40898 | Unknown |
| security@golang.org | Mariner | CVE-2023-45288 | Unknown |
| secalert@redhat.com | Mariner | CVE-2019-3816 | Unknown |
| security@golang.org | Mariner | CVE-2024-24786 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-5156 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-4911 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-17522 | Unknown |
| cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
| cve@mitre.org | Mariner | CVE-2019-9674 | Unknown |
| report@snyk.io | Mariner | CVE-2021-23336 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-3857 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20961 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20963 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32623 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20971 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-28863 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31755 | Unknown |
| glibc-cna@sourceware.org | Mariner | CVE-2024-33601 | Unknown |
| glibc-cna@sourceware.org | Mariner | CVE-2024-33602 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29160 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29165 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29164 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32614 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32613 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32612 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-15370 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32618 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20981 | Unknown |
| cve@mitre.org | Mariner | CVE-2015-7747 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2024-5535 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27814 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-3847 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26913 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36477 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39291 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-2455 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31583 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-0464 | Unknown |
| security-advisories@github.com | Mariner | CVE-2023-22742 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29161 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-33873 | Unknown |
| cve@mitre.org | Mariner | CVE-2018-25032 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-45853 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-5678 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-33877 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2023-6129 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2024-0727 | Unknown |
| security-advisories@github.com | Mariner | CVE-2023-27478 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-18214 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-37890 | Unknown |
| security@apache.org | Mariner | CVE-2024-36387 | Unknown |
| security@apache.org | Mariner | CVE-2024-38473 | Unknown |
| security@apache.org | Mariner | CVE-2024-39884 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-29038 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-29039 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-37298 | Unknown |
| cve@mitre.org | Mariner | CVE-2020-15503 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27842 | Unknown |
| security@apache.org | Mariner | CVE-2024-40725 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2024-2511 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32619 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32620 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32615 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27824 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27841 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27843 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27845 | Unknown |
| cve@mitre.org | Mariner | CVE-2020-8597 | Unknown |
| cve@mitre.org | Mariner | CVE-2020-8112 | Unknown |
| security@huntr.dev | Mariner | CVE-2024-3651 | Unknown |
| cve@mitre.org | Mariner | CVE-2019-20907 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-18207 | Unknown |
| arm-security@arm.com | Mariner | CVE-2023-4039 | Unknown |
| secalert@redhat.com | Mariner | CVE-2019-3833 | Unknown |
| cve@mitre.org | Mariner | CVE-2021-33454 | Unknown |
| security@golang.org | Mariner | CVE-2023-3978 | Unknown |
| infosec@edk2.groups.io | Mariner | CVE-2024-1298 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20965 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20967 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20969 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20977 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20973 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20985 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-28182 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-5742 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-37891 | Unknown |
| security@golang.org | Mariner | CVE-2023-39325 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-34250 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29158 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29162 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29163 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32605 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27823 | Unknown |
| Microsoft | Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| Microsoft | Microsoft Dynamics | CVE-2024-38182 | Microsoft Dynamics 365 Elevation of Privilege Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6988 | Chromium: CVE-2024-6988 Use after free in Downloads |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6991 | Chromium: CVE-2024-6991 Use after free in Dawn |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7004 | Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7003 | Chromium: CVE-2024-7003 Inappropriate implementation in FedCM |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7001 | Chromium: CVE-2024-7001 Inappropriate implementation in HTML |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7000 | Chromium: CVE-2024-7000 Use after free in CSS |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-38103 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6774 | Chromium: CVE-2024-6774 Use after free in Screen Capture |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-38156 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6779 | Chromium: CVE-2024-6779 Out of bounds memory access in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6773 | Chromium: CVE-2024-6773 Type Confusion in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6772 | Chromium: CVE-2024-6772 Inappropriate implementation in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6775 | Chromium: CVE-2024-6775 Use after free in Media Stream |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6776 | Chromium: CVE-2024-6776 Use after free in Audio |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7005 | Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6992 | Chromium: CVE-2024-6992 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6995 | Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6993 | Chromium: CVE-2024-6993 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6778 | Chromium: CVE-2024-6778 Race in DevTools |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6989 | Chromium: CVE-2024-6989 Use after free in Loader |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6999 | Chromium: CVE-2024-6999 Inappropriate implementation in FedCM |
| Adobe Systems Incorporated | Microsoft Edge (Chromium-based) | CVE-2024-39379 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6996 | Chromium: CVE-2024-6996 Race in Frames |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6997 | Chromium: CVE-2024-6997 Use after free in Tabs |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6994 | Chromium: CVE-2024-6994 Heap buffer overflow in Layout |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6998 | Chromium: CVE-2024-6998 Use after free in User Education |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6777 | Chromium: CVE-2024-6777 Use after free in Navigation |
| Microsoft | Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office | CVE-2024-38021 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft | Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| Microsoft | Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| Microsoft | Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability |
| Microsoft | NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability |
| CERT/CC | NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability |
| Red Hat, Inc. | Open Source Software | CVE-2024-6387 | RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling |
| Microsoft | Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability |
| Microsoft | Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Microsoft | SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| Microsoft | Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability |
| Microsoft | Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability |
| Microsoft | Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability |
| Microsoft | Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| Microsoft | Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability |
| Microsoft | Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |
| Microsoft | Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability |
| Microsoft | Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability |
| Microsoft | Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability |
| Microsoft | Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability |
| Microsoft | Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| Microsoft | Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| Microsoft | Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft | Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Layer-2 Bridge Network Driver | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| Microsoft | Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability |
| Microsoft | Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability |
| Microsoft | Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability |
| Microsoft | Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability |
| Microsoft | Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Microsoft | Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Microsoft | Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Microsoft | Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft | Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft | Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft | Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability |
| Microsoft | Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability |
| Microsoft | Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability |
| Microsoft | Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| Microsoft | Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Microsoft | Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability |
| Microsoft | Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability |
| Microsoft | Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability |
| Microsoft | Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft | Windows Win32K - GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft | Windows Win32K - ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability |
| Microsoft | Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability |
| Microsoft | XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability |
| Microsoft | XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-30061 (MITRE, NVD). Issuing CNA: Microsoft | CVE Title: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Weakness: CWE-285: Improper Authorization. CVSS: CVSS:3.1, Highest BaseScore: 7.3 / TemporalScore: 6.4. Executive Summary: None. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively that attacker convinces an authenticated user to execute a malicious script, as a step to exploit this vulnerability. What type of information could be disclosed by this vulnerability? This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information. Mitigations: None. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-30061

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft Dynamics 365 (on-premises) version 9.1 | 5037940 (Security Update) | Important | Information Disclosure | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 9.1.28.09 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-30061 | Erik Donker |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-21417 (MITRE, NVD). Issuing CNA: Microsoft | CVE Title: Windows Text Services Framework Elevation of Privilege Vulnerability. Weakness: CWE-862: Missing Authorization. CVSS: CVSS:3.1, Highest BaseScore: 8.8 / TemporalScore: 7.7. Executive Summary: None. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. Mitigations: None. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.

CVE-2024-21417

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21417 | None |

| CVE ID | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|
| CVE-2024-28899 | Important | Security Feature Bypass |

Vulnerability Description:
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-121: Stack-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 8,8 / TemporalScore: 7,7
Executive Summary: None
FAQ:
Q: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
A: An authenticated attacker could exploit this vulnerability with LAN access.
Q: How could an attacker successfully exploit this vulnerability?
A: To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .wim file.
Q: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A: An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-28899

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-28899 | Azure Yang with Kunlun Lab |

| CVE ID | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|
| CVE-2024-30081 | Important | Spoofing |

Vulnerability Description:
Issuing CNA: Microsoft
CVE Title: Windows NTLM Spoofing Vulnerability
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: CVSS:3.1 Highest BaseScore: 7,1 / TemporalScore: 6,2
Executive Summary: None
FAQ:
Q: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A: The user would have to click on a specially crafted URL to be compromised by the attacker.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-30081

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Spoofing | 5039289 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Spoofing | 5039289 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Spoofing | 5039236 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-30081 | Jimmy Bayne |

| CVE ID | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|
| CVE-2024-30098 | Important | Security Feature Bypass |

Vulnerability Description:
Issuing CNA: Microsoft
CVE Title: Windows Cryptographic Services Security Feature Bypass Vulnerability
Weakness: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5
Executive Summary: None
FAQ:
Q: Are there any further actions I need to take to be protected from this vulnerability?
A: Yes. The Windows Smart Card infrastructure relies on the Cryptographic Service Provider (CSP) and Key Storage Provider (KSP) to isolate cryptographic operations from the Smart Card implementation. The KSP is part of the Crypto Next Generation (CNG) architecture and is intended to support modern smart cards. In the case of RSA based certificates, the Smart Card Certificate Propagation service automatically overrides the default and uses the CSP instead of the KSP. This limits usage to the cryptography provided by the CSP and does not benefit from the modern cryptography provided by the KSP.
Beginning with the July 2024 security updates released on July 9, 2024, this vulnerability will be addressed by removing the RSA override and using the KSP as the default. This change is initially disabled by default to allow customers to test it in their environment and to detect any application compatibility issues that might occur with this change. We intend to enable this change by default with a monthly security update in early 2025.
Please enable this fix and test applications in your environment that rely on RSA based certificates and smart cards. If you detect applications that rely on the old behavior of defaulting to the CSP, work with your application vendor to update the application so that the KSP can be used by default. The fix can be enabled by setting the following registry key. Set the registry key to the value 1 to enable the fix for CVE-2024-30098.
Q: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
A: Successful exploitation of this vulnerability requires an attacker to create a SHA1 hash collision successfully.
Q: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A: An attacker who successfully exploited this vulnerability could bypass digital signatures on a vulnerable system.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Revision: 1.1, 10/07/2024, Added FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-30098

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-30098 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35264
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
Weakness: CWE-416: Use After Free
CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
How could an attacker exploit this vulnerability?
An attacker could exploit this by closing an HTTP/3 stream while the request body is being processed, leading to a race condition. This could result in remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35264 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 | 5041081 (Security Update) | Important | Remote Code Execution | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 8.0.7 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.10.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.4.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.6.17 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.8.12 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-35264 | Radek Zikmund of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35270
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows iSCSI Service Denial of Service Vulnerability
Weakness: CWE-400: Uncontrolled Resource Consumption
CVSS: CVSS:3.1 Highest BaseScore:5,3/TemporalScore:4,6
Executive Summary: None
FAQ:
According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35270 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 5,3 Temporal: 4,6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-35270 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38088
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38088 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38088 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38087
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-415: Double Free
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38087 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38087 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21332
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-416: Use After Free
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21332 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21332 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21333
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21333 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21333 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21335
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21335 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21335 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21373
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21373 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21373 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21398
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21398 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21398 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21414
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21414 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21414 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21415
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to confirm whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21415 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21415 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21428
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-190: Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to determine whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-21428

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-21428 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to determine whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37318

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37318 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37332
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to determine whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37332

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37332 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37331
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor to determine whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37331

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37331 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37969
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-822: Untrusted Pointer Dereference
CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37969

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37969 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-37970 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-121: Stack-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Executive Summary: None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37970

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37970 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-37974 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Executive Summary: None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37974

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37974 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-37981 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Executive Summary: None
FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37981

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37981 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-37985 (MITRE, NVD)
Issuing CNA: Intel
CVE Title: Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
Weakness: CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
CVSS: CVSS:3.1 Highest BaseScore: 5.9 / TemporalScore: 5.2
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure
Executive Summary: None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Why is this Intel CVE included in the Security Update Guide?
Intel assigned this CVE to a problem that affects certain ARM-based operating systems. This update mitigates against this vulnerability. For more information on this vulnerability, please see: Systematic Identification and Characterization of Proprietary Prefetchers

What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37985

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| CVE ID | Acknowledgements |
| CVE-2024-37985 |
CVE ID: CVE-2024-37986 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Executive Summary: None
FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.

The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37986

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37986 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-37987 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass
Weakness: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'); CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7
Executive Summary: None
FAQ:
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability.
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37987
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37987 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-38013 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Microsoft Windows Server Backup Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Weakness: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS: CVSS:3.1 Highest BaseScore: 6,7 / TemporalScore: 5,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would be able to delete any system files.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38013
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38013 | 3wyeye5 with OSR |
CVE ID: CVE-2024-38015 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Weakness: CWE-400: Uncontrolled Resource Consumption
CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
1.1 11/07/2024 Updated acknowledgment. This is an informational change only.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38015
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38015 | Lewis Lee & Zhiniang Peng |
CVE ID: CVE-2024-38022 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Image Acquisition Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Weakness: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS: CVSS:3.1 Highest BaseScore: 7 / TemporalScore: 6,1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38022
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38022 | BochengXiang(@Crispr) with FDU goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38023
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Weakness: CWE-502: Deserialization of Untrusted Data
CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None
FAQ:
How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38023 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002618 (Security Update) | Critical | Remote Code Execution | 5002604 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5456.1000 | Maybe | 5002618 |
| Microsoft SharePoint Server 2019 | 5002615 (Security Update) | Critical | Remote Code Execution | 5002602 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10412.20001 | Maybe | 5002615 |
| Microsoft SharePoint Server Subscription Edition | 5002606 (Security Update) | Critical | Remote Code Execution | 5002603 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.17328.20424 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-38023 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38024
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Weakness: CWE-502: Deserialization of Untrusted Data
CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38024 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002618 (Security Update) | Important | Remote Code Execution | 5002604 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5456.1000 | Maybe | 5002618 |
| Microsoft SharePoint Server 2019 | 5002615 (Security Update) | Important | Remote Code Execution | 5002602 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10412.20001 | Maybe | 5002615 |
| Microsoft SharePoint Server Subscription Edition | 5002606 (Security Update) | Important | Remote Code Execution | 5002603 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.17328.20424 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-38024 | zcgonvh cjm00n of Cyber Kunlun & Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38025
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38025 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38025 | QingHe Xie FangMing Gu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38034
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Filtering Platform Elevation of Privilege Vulnerability
Weakness: CWE-190: Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38034 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38034 | go2bed |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38041
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? If an attacker successfully exploited this vulnerability, one byte of kernel memory could be leaked back to the attacker.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38041 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38041 | Le Tran Hai Tung with Viettel Cyber Security |
CVE ID: CVE-2024-38043
Issuing CNA: Microsoft
CVE Title: PowerShell Elevation of Privilege Vulnerability
Weakness: CWE-20: Improper Input Validation
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.
Mitigations: None
Workarounds: None
Revision: 1.0 (09/07/2024): Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38043 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38043 | Jimmy Bayne |
CVE ID: CVE-2024-38517
Issuing CNA: GitHub
CVE Title: Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability
Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in RapidJSON library which is consumed by Microsoft Active Directory Rights Management Services Client. The CVE for this open source component, which is used in a Microsoft product, is assigned by GitHub CNA.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
Mitigations: None
Workarounds: None
Revision: 1.0 (09/07/2024): Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38517 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Moderate | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Moderate | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Moderate | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Moderate | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Moderate | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38517 | Anonymous |
CVE ID: CVE-2024-38051
Issuing CNA: Microsoft
CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 (09/07/2024): Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38051 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38051 | Anonymous |
CVE ID: CVE-2024-38054
Issuing CNA: Microsoft
CVE Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (09/07/2024): Information published.
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38054 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38054 | Angelboy (@scwuaptx) with DEVCORE |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38055 MITRE NVD Issuing CNA: Microsoft | CVE Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability Weakness: CWE-20: Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8 Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38055

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Information Disclosure | 5039245 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Information Disclosure | 5039245 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Information Disclosure | 5039245 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Information Disclosure | 5039245 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Information Disclosure | 5039289 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Information Disclosure | 5039289 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38055 | Angelboy (@scwuaptx) with DEVCORE |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38056 MITRE NVD Issuing CNA: Microsoft | CVE Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability Weakness: CWE-125: Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8 Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38056

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38056 | Angelboy (@scwuaptx) with DEVCORE |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38059 MITRE NVD Issuing CNA: Microsoft | CVE Title: Win32k Elevation of Privilege Vulnerability Weakness: CWE-416: Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8 Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38059

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38059 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38060 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Imaging Component Remote Code Execution Vulnerability Weakness: CWE-122: Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7 Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could exploit the vulnerability by uploading a malicious TIFF file to a server. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38060 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Critical | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Critical | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Critical | Remote Code Execution | 5039211 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Critical | Remote Code Execution | 5039213 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Critical | Remote Code Execution | 5039213 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Critical | Remote Code Execution | 5039212 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Critical | Remote Code Execution | 5039212 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Critical | Remote Code Execution | 5039212 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Critical | Remote Code Execution | 5039212 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Critical | Remote Code Execution | 5039289 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Critical | Remote Code Execution | 5039289 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Critical | Remote Code Execution | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38060 | George Holmes with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38061
MITRE NVD Issuing CNA: Microsoft |
CVE Title: DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
Weakness: CWE-284: Improper Access Control
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
Mitigations: The following mitigating factors might be helpful in your situation:
Setting LegacyAuthenticationLevel (Win32 apps, Microsoft Docs) to 5 = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY might protect most processes on the machine against this attack.
Note that COM does not currently have a notion of minimum authentication level if authenticated, for example it is not possible to accept calls at RPC_C_AUTHN_LEVEL_NONE or >= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (server-side concern, but mentioning for completeness as it limits configuration-based options), nor is there a way to set the client-side authentication level for a process independent of the server-side authentication level.
See LegacyAuthenticationLevel for more information about this value. For information on how to set the applicable system-wide registry value see the Setting System-Wide Default Authentication Level section of Setting System-Wide Security Using DCOMCNFG.
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
1.1    18/07/2024     Added acknowledgements. This is an informational change only. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38061 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38061 | Andrea Pierini with Semperis Tianze Ding (@D1iv3) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38062
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Weakness: CWE-125: Out-of-bounds Read
CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38062 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38062 | Philippe Laulheret with Cisco Talos Philippe Laulheret of Cisco Talos |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38064
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows TCP/IP Information Disclosure Vulnerability
Weakness: CWE-908: Use of Uninitialized Resource
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38064 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Information Disclosure | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Information Disclosure | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38064 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38071
MITRE NVD
Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Weakness: CWE-126: Buffer Over-read
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?
An attacker could impact availability of the service resulting in Denial of Service (DoS).
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38071 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Denial of Service | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Denial of Service | 5039289 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38071 | Lewis Lee, Chunyang Han and Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38072
MITRE NVD
Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Weakness: CWE-476: NULL Pointer Dereference
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?
An attacker could impact availability of the service resulting in Denial of Service (DoS).
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38072 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38072 | Lewis Lee, Chunyang Han and Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38077
MITRE NVD
Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:8,5
Executive Summary: None
FAQ: How would an attacker exploit this vulnerability?
An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.
Mitigations: The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled:
1. Disable Remote Desktop Licensing Service if it is not required. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38077 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Critical | Remote Code Execution | 5039245 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Critical | Remote Code Execution | 5039245 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Critical | Remote Code Execution | 5039245 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Critical | Remote Code Execution | 5039245 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Critical | Remote Code Execution | 5039289 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Critical | Remote Code Execution | 5039289 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Critical | Remote Code Execution | 5039236 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38077 | Lewis Lee, Chunyang Han and Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38080
MITRE NVD
Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
Weakness: CWE-190: Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38080 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38080 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38085
MITRE NVD
Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Weakness: CWE-416: Use After Free
CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38085 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38085 | Anonymous |
CVE ID: CVE-2024-38086
Issuing CNA: Microsoft
CVE Title: Azure Kinect SDK Remote Code Execution Vulnerability
Weakness: CWE-197: Numeric Truncation Error
CVSS: CVSS:3.1 Highest BaseScore: 6,4 / TemporalScore: 5,6
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38086
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Azure Kinect SDK | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6,4 Temporal: 5,6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 1.4.2 | Maybe | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38086 | VictorV(Tang tianwen) with Kunlun Lab |
CVE ID: CVE-2024-38091
Issuing CNA: Microsoft
CVE Title: Microsoft WS-Discovery Denial of Service Vulnerability
Weakness: CWE-166: Improper Handling of Missing Special Element
CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38091
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38091 | Azure Yang with Kunlun Lab |
CVE ID: CVE-2024-38100
Issuing CNA: Microsoft
CVE Title: Windows File Explorer Elevation of Privilege Vulnerability
Weakness: CWE-284: Improper Access Control
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38100
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38100 | Andrea Pierini with Semperis |
CVE ID: CVE-2024-38102
Issuing CNA: Microsoft
CVE Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Weakness: CWE-125: Out-of-bounds Read
CVSS: CVSS:3.1 Highest BaseScore: 6,5 / TemporalScore: 5,7
Executive Summary: None
FAQ:
According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38102
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38102 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID: CVE-2024-38104
Issuing CNA: Microsoft
CVE Title: Windows Fax Service Remote Code Execution Vulnerability
Weakness: CWE-822: Untrusted Pointer Dereference
CVSS: CVSS:3.1 Highest BaseScore: 8,8 / TemporalScore: 7,7
Executive Summary: None
FAQ:
The following mitigating factor might be helpful in your situation: To be exploitable by this vulnerability the Windows Fax Service has to be installed and configured. If Windows Fax Service is enabled, consider disabling it until you have installed this update that addresses this vulnerability.
How could an attacker exploit this vulnerability?
An authenticated attacker with normal user privileges that has already compromised a fax server, to which the victim is connected, can exploit this vulnerability to execute arbitrary code on the victim machine.
Mitigations: None
Workarounds: None
Revision: 1.0, 09/07/2024, Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38104
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38104 | lm0963 with TianGongLab of Legendsec at QI-ANXIN Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38112
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MSHTML Platform Spoofing Vulnerability
Weakness: CWE-451: User Interface (UI) Misrepresentation of Critical Information
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to send the victim a malicious file that the victim would have to execute.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
1.1 12/07/2024 Updated CWE value. This is an informational change only. |
Important | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38112 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) 5040426 (IE Cumulative) | Important | Spoofing | 5039245 5034120 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 6.0.6003.22769 1.001 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) 5040426 (IE Cumulative) | Important | Spoofing | 5039245 5034120 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 6.0.6003.22769 1.001 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) 5040426 (IE Cumulative) | Important | Spoofing | 5039245 5034120 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 6.0.6003.22769 1.001 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) 5040426 (IE Cumulative) | Important | Spoofing | 5039245 5034120 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 6.0.6003.22769 1.001 | Yes | 5040499 5040490 |
| Windows Server 2012 R2 | 5040426 (IE Cumulative) 5040456 (Monthly Rollup) | Important | Spoofing | 5034120 5039294 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 1.001 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040426 (IE Cumulative) 5040456 (Monthly Rollup) | Important | Spoofing | 5034120 5039294 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 1.001 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Spoofing | 5039236 | Base: 7,5 Temporal: 7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38112 | Haifei Li with Check Point Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38182
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Dynamics 365 Elevation of Privilege Vulnerability
Weakness: CWE-1390: Weak Authentication
CVSS: CVSS:3.1 Highest BaseScore:9/TemporalScore:7,8
Executive Summary: Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
FAQ:
Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?
This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.
Mitigations: None
Workarounds: None
Revision:
1.0 31/07/2024 Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38182 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Dynamics 365 Field Service (on-premises) v7 series | | Critical | Elevation of Privilege | None | Base: 9 Temporal: 7,8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38182 | Cameron Vincent with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26184
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-190: Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:6,8/TemporalScore:5,9
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
How could an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26184 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-26184 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-30013
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MultiPoint Services Remote Code Execution Vulnerability
Weakness: CWE-415: Double Free
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires an admin user to stop or restart the service.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-30013 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-30013 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32987
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
Weakness: CWE-918: Server-Side Request Forgery (SSRF)
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published.
1.1 16/07/2024 Added acknowledgements. This is an informational change only. |
Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32987 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002618 (Security Update) | Important | Information Disclosure | 5002604 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.5456.1000 | Maybe | 5002618 |
| Microsoft SharePoint Server 2019 | 5002615 (Security Update) | Important | Information Disclosure | 5002602 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.10412.20001 | Maybe | 5002615 |
| Microsoft SharePoint Server Subscription Edition | 5002606 (Security Update) | Important | Information Disclosure | 5002603 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 16.0.17328.20424 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-32987 | khoadha with vcslab from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-30071
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Weakness: CWE-126: Buffer Over-read
CVSS: CVSS:3.1 Highest BaseScore:4,7/TemporalScore:4,1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision:
1.0 09/07/2024 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30071

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 4,7 Temporal: 4,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-30071 | George Hughey with MSRC Vulnerabilities & Mitigations |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-30079
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Weakness: CWE-126: Buffer Over-read
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
CVE-2024-30079

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-30079 | George Hughey with MSRC Vulnerabilities & Mitigations |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-3596
MITRE NVD Issuing CNA: CERT/CC |
CVE Title: CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
Weakness: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5
Executive Summary: None
FAQ:
Why is this CERT/CC CVE included in the Security Update Guide?
A vulnerability exists in the RADIUS protocol that potentially affects many products and implementations of the RFC 2865 in the UDP version of the RADIUS protocol. In brief, RADIUS protocol (RFC 2865) is susceptible to forgery attacks that can modify Access-Accept or Access-Reject RADIUS response. CERT/CC assigned a CVE ID for this vulnerability which all vendors are using for their affected products. Please see KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596 for information on additional steps that should be done to protect your environment from this vulnerability.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
CVE-2024-3596

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Spoofing | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Spoofing | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Spoofing | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Spoofing | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Spoofing | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Spoofing | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-3596 | [info needed] |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-30105
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Core and Visual Studio Denial of Service Vulnerability
Weakness: CWE-400: Uncontrolled Resource Consumption
CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
Revision: 2.0    25/07/2024     Revised the Security Updates table to include PowerShell 7.4 because this version of PowerShell 7 is affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/65 for more information. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
CVE-2024-30105

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| .NET 8.0 | 5041081 (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 8.0.7 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.10.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.4.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.6.17 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.8.12 | Maybe | None |
| PowerShell 7.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.4.4 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-30105 | |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35261
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
Weakness: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 7
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Is there any action I need to take to be protected from this vulnerability?
If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually. Please see Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn for more information.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
CVE-2024-35261

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Azure Network Watcher VM Extension for Windows | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,8 Temporal: 7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 1.4.3320.1 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-35261 | R4nger & Zhiniang Peng |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35266
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure DevOps Server Spoofing Vulnerability
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: CVSS:3.1 Highest BaseScore: 7,6 / TemporalScore: 6,6
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authorized attacker must send the user a malicious file and convince the user to open it.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the server (Availability).
What actions do customers need to take to protect themselves from this vulnerability?
Customers using Azure DevOps 2022.1 must update to Azure DevOps Server 2022.2 released on 09 July, 2024 to be protected. For more information on this recent Azure DevOps release, see here: Azure DevOps Server 2022 Update 2 Release Notes.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
| CVE-2024-35266 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure DevOps Server 2022.1 | Release Notes (Security Update) | Important | Spoofing | None | Base: 7,6 Temporal: 6,6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | 20240702.1 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-35266 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35267
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure DevOps Server Spoofing Vulnerability
Weakness: CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS: CVSS:3.1 Highest BaseScore:7,6/TemporalScore:6,6
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the server (Availability).
What actions do customers need to take to protect themselves from this vulnerability?
Customers using Azure DevOps 2022.1 must update to Azure DevOps Server 2022.2 released on 09 July, 2024 to be protected. For more information on this recent Azure DevOps release, see here: Azure DevOps Server 2022 Update 2 Release Notes.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35267 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure DevOps Server 2022.1 | Release Notes (Security Update) | Important | Spoofing | None | Base: 7,6 Temporal: 6,6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | 20240702.1 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-35267 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35271
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35271 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-35271 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35272
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35272 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-35272 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20701
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20701 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-20701 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21303
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21303 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21303 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21308
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21308 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21308 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21317
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manuall Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21317 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21317 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21331
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21331 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21331 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21425
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21425 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21425 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37319 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37319 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37320 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37320 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37321
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37321 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37321 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37322
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37322 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37322 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37323
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37323 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37323 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37324
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37324 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37324 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21449
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21449 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-21449 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37326
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37326 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37326 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37327
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take?
Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take?
Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take?
Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ?
The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?
Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37327 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37327 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37328
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37328
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37328 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37329
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37329 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37330
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37330
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37330 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37334
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37334
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft OLE DB Driver 18 for SQL Server | 5040711 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 18.7.0004.0 | Maybe | None |
| Microsoft OLE DB Driver 19 for SQL Server | 5040712 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 19.3.0005.0 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37334 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37333
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37333
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37333 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37336
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-190: Integer Overflow or Wraparound
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL Server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor on whether it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37336
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37336 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28928
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-121: Stack-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28928 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-28928 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35256
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.
I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.
I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.
There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35256 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5040946 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6441.1 | Maybe | None |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5040944 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7037.1 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5040940 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3471.2 | Maybe | None |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5040942 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2056.2 | Maybe | None |
| Microsoft SQL Server 2019 for x64-based Systems (CU 27) | 5040948 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4382.1 | Yes | None |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5040986 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2116.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (CU 13) | 5040939 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4131.2 | Yes | None |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5040936 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1121.4 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-35256 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37971
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-121: Stack-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability.
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection.
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37971 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37971 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37972
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-121: Stack-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection.
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37972 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37972 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37973
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-674: Uncontrolled Recursion
CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability.
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Mitigations: None
Workarounds: None
Revision:
1.0    09/07/2024     Information published.
1.1    31/07/2024     Updated one or more CVSS scores for the affected products. This is an informational change only. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37973 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37973 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37975<br>MITRE NVD<br>Issuing CNA: Microsoft | CVE Title: Secure Boot Security Feature Bypass Vulnerability<br>Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)<br>CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7<br>Executive Summary: None<br>FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 09/07/2024 Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37975 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37975 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37977<br>MITRE NVD<br>Issuing CNA: Microsoft | CVE Title: Secure Boot Security Feature Bypass Vulnerability<br>Weakness: CWE-122: Heap-based Buffer Overflow<br>CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7<br>Executive Summary: None<br>FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 09/07/2024 Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37977 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37977 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37978<br>MITRE NVD<br>Issuing CNA: Microsoft | CVE Title: Secure Boot Security Feature Bypass Vulnerability<br>Weakness: CWE-121: Stack-based Buffer Overflow<br>CVSS: CVSS:3.1 Highest BaseScore:8/TemporalScore:7<br>Executive Summary: None<br>FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 09/07/2024 Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37978 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-37978 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37984<br>MITRE NVD<br>Issuing CNA: Microsoft | CVE Title: Secure Boot Security Feature Bypass Vulnerability<br>Weakness: CWE-121: Stack-based Buffer Overflow<br>CVSS: CVSS:3.1 Highest BaseScore:8,4/TemporalScore:7,3<br>Executive Summary: None<br>FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 09/07/2024 Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37984 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37984 | Maxim Suhanov (MTS RED, dfir.ru) |

CVE ID: CVE-2024-37988 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Secure Boot Security Feature Bypass Vulnerability

Weakness: CWE-130: Improper Handling of Length Parameter Inconsistency

CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7

Executive Summary: None

FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

Mitigations: None

Workarounds: None

Revision: 1.0 (09/07/2024): Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37988

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37988 | Azure Yang with Kunlun Lab |

CVE ID: CVE-2024-37989 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Secure Boot Security Feature Bypass Vulnerability

Weakness: CWE-130: Improper Handling of Length Parameter Inconsistency

CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7

Executive Summary: None

FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

Mitigations: None

Workarounds: None

Revision: 1.0 (09/07/2024): Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-37989

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-37989 | Azure Yang with Kunlun Lab |

CVE ID: CVE-2024-38010 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Secure Boot Security Feature Bypass Vulnerability

Weakness: CWE-130: Improper Handling of Length Parameter Inconsistency

CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7

Executive Summary: None

FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

Mitigations: None

Workarounds: None

Revision: 1.0 (09/07/2024): Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38010

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38010 | Azure Yang with Kunlun Lab |

CVE ID: CVE-2024-38011 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Secure Boot Security Feature Bypass Vulnerability

Weakness: CWE-130: Improper Handling of Length Parameter Inconsistency

CVSS: CVSS:3.1 Highest BaseScore: 8 / TemporalScore: 7

Executive Summary: None

FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An unauthenticated attacker with LAN access could exploit this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.

Mitigations: None

Workarounds: None

Revision: 1.0 (09/07/2024): Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38011

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 8 Temporal: 7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38011 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38017
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5
Executive Summary: None
FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38017 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Information Disclosure | 5039225 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Information Disclosure | 5039211 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Information Disclosure | 5039213 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Information Disclosure | 5039212 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Information Disclosure | 5039245 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Information Disclosure | 5039289 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Information Disclosure | 5039289 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Information Disclosure | 5039260 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Information Disclosure | 5039294 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Information Disclosure | 5039214 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Information Disclosure | 5039217 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Information Disclosure | 5039227 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Information Disclosure | 5039227 |
Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Information Disclosure | 5039236 | Base: 5,5 Temporal: 5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38017 | cdpython with AlpineLab 9oat with AlpineLab g3un with AlpineLab cdpython, 9oat and g3un with AlpineLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38019
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users. Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38019 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38019 | Fangming Gu Qinghe Xie Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38020
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Spoofing Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of NTLM hashes.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Moderate | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38020 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002620 (Security Update) | Moderate | Spoofing | 5002591 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002620 (Security Update) | Moderate | Spoofing | 5002591 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Moderate | Spoofing | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Outlook 2016 (32-bit edition) | 5002621 (Security Update) | Moderate | Spoofing | 5002600 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| Microsoft Outlook 2016 (64-bit edition) | 5002621 (Security Update) | Moderate | Spoofing | 5002600 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-38020 | JimSRush with PrivSec Consulting |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38021
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a user to allow blocked content sent from an external attacker to initiate remote code execution.
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
How could the attacker exploit this vulnerability? An attacker could craft a malicious link that bypasses the Protected View Protocol, which could lead to remote code execution (RCE).
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
1.1    10/07/2024     Corrected CVE title. This is an informational change only. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38021 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002620 (Security Update) | Important | Remote Code Execution | 5002591 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002620 (Security Update) | Important | Remote Code Execution | 5002591 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5456.1000 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-38021 | Arnold Osipov with Morphisec Shmuel Uzan with Morphisec Michael Gorelik with Morphisec |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38027
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Line Printer Daemon Service Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An unauthenticated attacker with LAN access could exploit this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38027 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Denial of Service | 5039245 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Denial of Service | 5039289 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Denial of Service | 5039289 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38027 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38028
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process. Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38028 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Remote Code Execution | 5039245 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Remote Code Execution | 5039289 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38028 | QingHe Xie and FangMing Gu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38030
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Spoofing Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:
References:
Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38030 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Spoofing | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Spoofing | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Spoofing | 5039211 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Spoofing | 5039213 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Spoofing | 5039212 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Spoofing | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Spoofing | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Spoofing | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Spoofing | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Spoofing | 5039217 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Spoofing | 5039227 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Spoofing | 5039227 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| CVE ID | Acknowledgements |
| CVE-2024-38030 | Tomer Peled with Akamai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38031
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38031 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38031 | k0shl with Kunlun Lab |
CVE ID: CVE-2024-38032 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Microsoft Xbox Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore: 7,1 / TemporalScore: 6,2
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to obtain special or uncommon hardware.
How could an attacker exploit the vulnerability?
An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38032 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| CVE ID | Acknowledgements |
| CVE-2024-38032 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID: CVE-2024-38033 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: PowerShell Elevation of Privilege Vulnerability
Weakness: CWE-20: Improper Input Validation
CVSS: CVSS:3.1 Highest BaseScore: 7,3 / TemporalScore: 6,4
Executive Summary: None
FAQ:
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38033 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38033 | Tom Norfolk with AJ Bell Jimmy Bayne |
CVE ID: CVE-2024-38044 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: DHCP Server Service Remote Code Execution Vulnerability
Weakness: CWE-197: Numeric Truncation Error
CVSS: CVSS:3.1 Highest BaseScore: 7,2 / TemporalScore: 6,3
Executive Summary: None
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated DHCP Server privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38044 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38044 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
CVE ID: CVE-2024-38047 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: PowerShell Elevation of Privilege Vulnerability
Weakness: CWE-20: Improper Input Validation
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38047 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38047 | Jimmy Bayne |
CVE ID: CVE-2024-38048 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Weakness: CWE-125: Out-of-bounds Read
CVSS: CVSS:3.1 Highest BaseScore: 6,5 / TemporalScore: 5,7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38048 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38048 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38049
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Weakness: CWE-73: External Control of File Name or Path
CVSS: CVSS:3.1 Highest BaseScore: 6,6 / TemporalScore: 5,8
Executive Summary: None
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38049 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Remote Code Execution | 5039245 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Remote Code Execution | 5039289 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38049 | wkai with Codesafe Team of Legendsec at QI-ANXIN Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38050
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Workstation Service Elevation of Privilege Vulnerability
Weakness: CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? If successfully exploited, this vulnerability could cause attacker-controlled data on the heap to overwrite critical structures of the service, leading to arbitrary memory write or control flow hijacking, resulting in privilege escalation.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38050 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38050 | A1gxer afang5472 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38052
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Weakness: CWE-20: Improper Input Validation
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 09/07/2024 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38052 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4651 |
Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.3079 |
Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3880 |
Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) |
Important | Elevation of Privilege | 5039245 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22769 |
Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) |
Important | Elevation of Privilege | 5039289 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38052 | Angelboy (@scwuaptx) with DEVCORE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38053
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Weakness: CWE-416: Use After Free
CVSS: CVSS:3.1 Highest BaseScore: 8,8 / TemporalScore: 7,7
Executive Summary: None
FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicious networking packet over the ethernet to an adjacent system that is employing a networking adapter, which could enable remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38053 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Remote Code Execution | 5039225 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Remote Code Execution | 5039211 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Remote Code Execution | 5039260 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Remote Code Execution | 5039294 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Remote Code Execution | 5039214 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Remote Code Execution | 5039217 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Remote Code Execution | 5039227 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Remote Code Execution | 5039236 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38053 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38057
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Weakness: CWE-125: Out-of-bounds Read
CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8
Executive Summary: None
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38057 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38057 | Angelboy (@scwuaptx) with DEVCORE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38058
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BitLocker Security Feature Bypass Vulnerability
Weakness: CWE-693: Protection Mechanism Failure
CVSS: CVSS:3.1 Highest BaseScore: 6,8 / TemporalScore: 5,9
Executive Summary: None
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38058 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2582 |
Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38058 | Bill Demirkapi of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38065 MITRE NVD Issuing CNA: Microsoft | CVE Title: Secure Boot Security Feature Bypass Vulnerability Weakness: CWE-122: Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:6,8/TemporalScore:5,9 Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38065
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38065 | Zammis Clark |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38066 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Win32k Elevation of Privilege Vulnerability Weakness: CWE-416: Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8 Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38066
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38066 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38067 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Weakness: CWE-400: Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38067
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38067 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2024-38068 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Weakness: CWE-400: Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09/07/2024 Information published. | Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38068 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6054 |
Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4651 |
Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38068 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38069 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Enroll Engine Security Feature Bypass Vulnerability. Weakness: CWE-347: Improper Verification of Cryptographic Signature. CVSS: CVSS:3.1 Highest BaseScore: 7 / TemporalScore: 6,1. Executive Summary: None. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass certificate validation during the account enrollment process. Mitigations: None. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38069 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38069 | Izzy Whistlecroft of Microsoft's Security Response Center |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38070 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability. Weakness: CWE-693: Protection Mechanism Failure. CVSS: CVSS:3.1 Highest BaseScore: 7,8 / TemporalScore: 6,8. Executive Summary: None. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the execution policy for the Windows LockDown Policy (WLDP) for the WDAC API. Mitigations: None. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38070 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Security Feature Bypass | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Security Feature Bypass | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Security Feature Bypass | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Security Feature Bypass | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Security Feature Bypass | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Security Feature Bypass | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Security Feature Bypass | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Security Feature Bypass | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Security Feature Bypass | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Security Feature Bypass | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38070 | Rajiv Chikine with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38073 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability. Weakness: CWE-125: Out-of-bounds Read. CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5. Executive Summary: None. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H). What does that mean for this vulnerability? An attacker could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38073 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38073 | Lewis Lee, Chunyang Han and Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38074 MITRE NVD Issuing CNA: Microsoft | CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Weakness: CWE-191: Integer Underflow (Wrap or Wraparound). CVSS: CVSS:3.1 Highest BaseScore: 9,8 / TemporalScore: 8,5. Executive Summary: None. FAQ: How could an attacker exploit this vulnerability? An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution. Mitigations: The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled: 1. Disable Remote Desktop Licensing Service if it is not required. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities. Workarounds: None. Revision: 1.0, 09/07/2024, Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38074 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Critical | Remote Code Execution | 5039289 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Critical | Remote Code Execution | 5039289 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Critical | Remote Code Execution | 5039260 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Critical | Remote Code Execution | 5039294 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Critical | Remote Code Execution | 5039236 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38074 | Lewis Lee, Chunyang Han and Zhiniang Peng |
CVE ID: CVE-2024-38076
Issuing CNA: Microsoft
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:8,5
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability? An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution.
Mitigations: The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible, even if you plan to leave Remote Desktop Licensing Service disabled:
1. Disable Remote Desktop Licensing Service if it is not required. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38076 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Critical | Remote Code Execution | 5039214 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Critical | Remote Code Execution | 5039217 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Critical | Remote Code Execution | 5039227 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Critical | Remote Code Execution | 5039236 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38076 | Lewis Lee, Chunyang Han and Zhiniang Peng |
CVE ID: CVE-2024-38078
Issuing CNA: Microsoft
CVE Title: Xbox Wireless Adapter Remote Code Execution Vulnerability
Weakness: CWE-416: Use After Free
CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
How could an attacker exploit the vulnerability? An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38078 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Remote Code Execution | 5039213 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Remote Code Execution | 5039212 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| CVE ID | Acknowledgements |
| CVE-2024-38078 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID: CVE-2024-38079
Issuing CNA: Microsoft
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Weakness: CWE-122: Heap-based Buffer Overflow
CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Mitigations: None
Workarounds: None
Revision: 1.0    09/07/2024     Information published.
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38079 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38079 | Anonymous |
CVE ID: CVE-2024-38081
Issuing CNA: Microsoft
CVE Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Weakness: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS: CVSS:3.1 Highest BaseScore:7,3/TemporalScore:6,4
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a local user executes the Visual Studio installer.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.
Mitigations: None
Workarounds: None
Revision:
1.0    09/07/2024     Information published.
2.0    25/07/2024     In the Security Updates table, made the following corrections: 1) Added .NET 6.0 as it is affected by this vulnerability. 2) Removed .NET 8.0 as it is not affected by this vulnerability. 3) Corrected Download and Article links for .NET 3.5 and 4.7.2 installed on Windows 10 Version 1809 for 32-bit Systems.
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38081 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 6.0 | 5041080 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.32 | Maybe | None |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 2.0.50727.8977 | Maybe | None |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 2.0.50727.8977 | Maybe | None |
| Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 2.0.50727.8977 | Maybe | None |
| Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 2.0.50727.8977 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Elevation of Privilege | 5039214 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.7.2.4101.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.7.2.4101.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.7.2.4101.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.7.2.4101.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.7.2.4101.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5041020 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5041020 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5041017 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5041016 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5041016 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.4739.04 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5041018 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5041019 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5041020 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5041020 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5039895 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5039895 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5039895 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5039895 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5041016 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5041016 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5039895 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.8.1.9256.03 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8972 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8972 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2012 | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8971 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8971 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8971 | Maybe | None |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5041023 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.4101.04 | Maybe | None |
| Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5041021 (Monthly Rollup) 5041026 (Security Only) | Important | Elevation of Privilege | | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 3.5.30729.8971 | Maybe | None |
| Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5041021 (Monthly Rollup) 5041026 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
3.5.30729.8971 | Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 | Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5041024 (Monthly Rollup) 5041027 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 | Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5041024 (Monthly Rollup) 5041027 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 | Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5041024 (Monthly Rollup) 5041027 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 | Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5041026 (Security Only) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5041026 (Security Only) 5041021 (Monthly Rollup) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.01 4.7.4101.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.02 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.02 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5041023 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.02 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5041023 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.4101.02 | Maybe | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Elevation of Privilege | 5039225 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20710 | Yes | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5039885 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5039885 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5041021 (Monthly Rollup) 5041026 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 4.8.4739.03 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5041021 (Monthly Rollup) 5041026 (Security Only) |
Important | Elevation of Privilege | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 4.8.4739.03 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2012 | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5041022 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5041023 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5041023 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.4739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 | 5039885 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04739.02 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5039885 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04739.02 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.4.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.17 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.12 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-38081 | goodbyeselene goodbyeselene |

CVE ID: CVE-2024-38089

MITRE NVD Issuing CNA: Microsoft

Vulnerability Description:

CVE Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Weakness: CWE-269: Improper Privilege Management

CVSS: CVSS:3.1 Highest BaseScore: 9,1 / TemporalScore: 7,9

Executive Summary: None

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability would gain the ability to escape the AppContainer and impersonate a non-AppContainer token.

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by escaping the sensor-app docker container (which is running the web application) and running commands on the host. This would allow them to enter any other containers and potentially gain control over the system.

Mitigations: The following mitigating factor might be helpful in your situation: Consider upgrading to Defender for IoT version 24.1.4 or newer.

Workarounds: None

Revision: 1.0    09/07/2024     Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38089

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft Defender for IoT | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 9,1 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 24.1.4 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38089 | Siemens Energy |

CVE ID: CVE-2024-38092

MITRE NVD Issuing CNA: Microsoft

Vulnerability Description:

CVE Title: Azure CycleCloud Elevation of Privilege Vulnerability

Weakness: CWE-693: Protection Mechanism Failure

CVSS: CVSS:3.1 Highest BaseScore: 8,8 / TemporalScore: 7,9

Executive Summary: None

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.

According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?

To exploit this vulnerability an attacker must have an account with the User role assigned.

What actions do customers need to take to protect themselves from this vulnerability?

Azure CycleCloud versions 7.9.0 - 7.9.11 were retired on 30 September, 2023 as documented here: CycleCloud 7 Retirement Guide. Customers with existing CycleCloud deployments using versions 7.9.0 - 7.9.11 must migrate their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: Upgrading CycleCloud.

Customers with existing CycleCloud deployments using versions 8.0.0 - 8.6.0 should update their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: Upgrading CycleCloud.

Mitigations: None

Workarounds: None

Revision: 1.0    09/07/2024     Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38092

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Azure CycleCloud 7.9.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.1 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.11 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.3 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.5 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.7 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 7.9.9 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.0.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.0.1 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.0.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.1.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.1.1 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.2.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.2.1 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.2.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.3.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.4.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.4.1 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.4.2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.5.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |
| Azure CycleCloud 8.6.0 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 8.6.2 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38092 | Christian Bortone with Merck KGaA |

CVE ID: CVE-2024-38094

MITRE NVD Issuing CNA: Microsoft

Vulnerability Description:

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Weakness: CWE-502: Deserialization of Untrusted Data

CVSS: CVSS:3.1 Highest BaseScore: 7,2 / TemporalScore: 6,3

Executive Summary: None

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

Mitigations: None

Workarounds: None

Revision: 1.0    09/07/2024     Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38094

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | 5002618 (Security Update) | Important | Remote Code Execution | 5002604 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5456.1000 | Maybe | 5002618 |
| Microsoft SharePoint Server 2019 | 5002615 (Security Update) | Important | Remote Code Execution | 5002602 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10412.20001 | Maybe | 5002615 |
| Microsoft SharePoint Server Subscription Edition | 5002606 (Security Update) | Important | Remote Code Execution | 5002603 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.17328.20424 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38094 | |

CVE ID: CVE-2024-38095

MITRE NVD Issuing CNA: Microsoft

Vulnerability Description:

CVE Title: .NET and Visual Studio Denial of Service Vulnerability

Weakness: CWE-20: Improper Input Validation

CVSS: CVSS:3.1 Highest BaseScore: 7,5 / TemporalScore: 6,5

Executive Summary: None

FAQ: None

Mitigations: None

Workarounds: None

Revision:

1.0    09/07/2024     Information published.

2.0    25/07/2024     Revised the Security Updates table to include PowerShell 7.4 and 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/64 for more information.

Maximum Severity Rating: Important

Vulnerability Impact: Denial of Service

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38095

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| .NET 8.0 | 5041081 (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 8.0.7 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.10.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.4.21 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.6.17 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 17.8.12 | Maybe | None |
| PowerShell 7.2 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.2.22 | Maybe | None |
| PowerShell 7.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 7.4.4 | Maybe | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38095 | |

CVE ID: CVE-2024-38099

MITRE NVD Issuing CNA: Microsoft

Vulnerability Description:

CVE Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Weakness: CWE-287: Improper Authentication

CVSS: CVSS:3.1 Highest BaseScore: 5,9 / TemporalScore: 5,2

Executive Summary: None

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to possess advanced reverse engineering skills to identify and gain unauthorized access to specific remote procedure call (RPC) endpoints.

Are there additional actions I need to take after I have installed the update?

Yes. If your RD session hosts and RD licensing servers are joined to a work group, you need to ensure that your RD session hosts have the necessary credentials to access your RD licensing servers. For more information see: License Remote Desktop session hosts.

No additional action is needed for RD session hosts and RD licensing servers joined to a domain.

Mitigations: None

Workarounds: None

Revision: 1.0    09/07/2024     Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Denial of Service

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2024-38099

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
|---|---|---|---|---|---|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Important | Denial of Service | 5039245 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Important | Denial of Service | 5039289 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2024-38099 | Philemon Orphee Favrod with Microsoft, Josh Watson with Microsoft, Gus Catalano with Microsoft, Ray Reskusich with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-38101
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38101 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38101 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38105
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38105 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Important | Denial of Service | 5039225 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Important | Denial of Service | 5039211 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Important | Denial of Service | 5039213 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Important | Denial of Service | 5039212 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Important | Denial of Service | 5039260 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Important | Denial of Service | 5039294 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Important | Denial of Service | 5039214 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Important | Denial of Service | 5039217 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Important | Denial of Service | 5039227 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Important | Denial of Service | 5039236 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-38105 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-39684
MITRE NVD Issuing CNA: Github |
CVE Title: Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in RapidJSON library which is consumed by Microsoft Active Directory Rights Management Services Client. The CVE for this open source component, which is used in a Microsoft product, is assigned by GitHub CNA. Mitigations: None Workarounds: None Revision: 1.0    09/07/2024     Information published. |
Moderate | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39684 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5040448 (Security Update) | Moderate | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 for x64-based Systems | 5040448 (Security Update) | Moderate | Elevation of Privilege | 5039225 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20710 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for ARM64-based Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 1809 for x64-based Systems | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows 10 Version 21H2 for 32-bit Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 21H2 for x64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for 32-bit Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 10 Version 22H2 for x64-based Systems | 5040427 (Security Update) | Moderate | Elevation of Privilege | 5039211 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4651 | Yes | 5040427 |
| Windows 11 version 21H2 for ARM64-based Systems | 5040431 (Security Update) | Moderate | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 version 21H2 for x64-based Systems | 5040431 (Security Update) | Moderate | Elevation of Privilege | 5039213 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.3079 | Yes | 5040431 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 22H2 for x64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows 11 Version 23H2 for x64-based Systems | 5040442 (Security Update) | Moderate | Elevation of Privilege | 5039212 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3880 | Yes | 5040442 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Moderate | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Moderate | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 (Monthly Rollup) 5040490 (Security Only) | Moderate | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 (Monthly Rollup) 5040490 (Security Only) | Moderate | Elevation of Privilege | 5039245 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22769 | Yes | 5040499 5040490 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 (Monthly Rollup) 5040498 (Security Only) | Moderate | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 (Monthly Rollup) 5040498 (Security Only) | Moderate | Elevation of Privilege | 5039289 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27219 | Yes | None |
| Windows Server 2012 | 5040485 (Monthly Rollup) | Moderate | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5040485 (Monthly Rollup) | Moderate | Elevation of Privilege | 5039260 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24975 | Yes | None |
| Windows Server 2012 R2 | 5040456 (Monthly Rollup) | Moderate | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5040456 (Monthly Rollup) | Moderate | Elevation of Privilege | 5039294 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22074 | Yes | None |
| Windows Server 2016 | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5040434 (Security Update) | Moderate | Elevation of Privilege | 5039214 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.7159 | Yes | None |
| Windows Server 2019 | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2019 (Server Core installation) | 5040430 (Security Update) | Moderate | Elevation of Privilege | 5039217 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.6054 | Yes | 5040430 |
| Windows Server 2022 | 5040437 (Security Update) | Moderate | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022 (Server Core installation) | 5040437 (Security Update) | Moderate | Elevation of Privilege | 5039227 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2582 | Yes | 5040437 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 (Security Update) | Moderate | Elevation of Privilege | 5039236 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1009 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-39684 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38176
MITRE NVD Issuing CNA: Microsoft |
CVE Title: GroupMe Elevation of Privilege Vulnerability
Weakness: CWE-307 : Improper Restriction of Excessive Authentication Attempts CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    23/07/2024     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38176 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| GroupMe | Critical | Elevation of Privilege | None | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2024-38176 | Guy Arazi with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38164
MITRE NVD Issuing CNA: Microsoft |
CVE Title: GroupMe Elevation of Privilege Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:9,6/TemporalScore:8,3
Executive Summary: An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    23/07/2024     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38164 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| GroupMe | Critical | Elevation of Privilege | None | Base: 9,6 Temporal: 8,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2024-38164 | Jonah Hook |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-39379
MITRE NVD Issuing CNA: Adobe Systems Incorporated |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7/TemporalScore:6,1
Executive Summary: None FAQ: Why is this Adobe CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39379 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 7 Temporal: 6,1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-39379 | 0x140ce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6988
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6988 Use after free in Downloads
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6988 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6988 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6989
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6989 Use after free in Loader
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6989 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6989 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6999
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6999 Inappropriate implementation in FedCM
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6999 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6999 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6998
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6998 Use after free in User Education
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6998 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6998 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6996
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6996 Race in Frames
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6996 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6996 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6997
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6997 Use after free in Tabs
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6997 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6997 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6994
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6994 Heap buffer overflow in Layout
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6994 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6994 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6993
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6993
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6993 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6993 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6995
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6995 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6995 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6992
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6992
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6992 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6992 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-7005
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7005 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-7005 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6991
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6991 Use after free in Dawn
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6991 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6991 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-7004
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7004 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-7004 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-7003
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-7003 Inappropriate implementation in FedCM
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7003 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-7003 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-7001
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-7001 Inappropriate implementation in HTML
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7001 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-7001 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-7000
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-7000 Use after free in CSS
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7000 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-7000 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-38103
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Weakness: CWE-359 : Exposure of Private Personal Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:5,9/TemporalScore:5,2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance. Mitigations: None Workarounds: None Revision: 1.0    25/07/2024     Information published. |
Moderate | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38103 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Information Disclosure | None | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C | 127.0.2651.74 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-38103 | Jun Kokatsu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-6387
MITRE NVD Issuing CNA: Red Hat, Inc. |
CVE Title: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
Weakness: CWE-364 : Signal Handler Race Condition CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:8,1
Executive Summary: None FAQ: Why is Red Hat Inc. the assigning CNA (CVE Numbering Authority)? CVE-2024-6387 is regarding a vulnerability in OpenSSH's server (sshd). Red Hat created this CVE on its behalf. Is Microsoft Windows vulnerable to CVE-2024-6387? No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary. The race condition used in this exploit is not possible in Windows because of significant differences with login grace timeout handling in the win32-openssh implementation. Mitigations: None Workarounds: None Revision: 1.0    11/07/2024     Information published. 1.1    15/07/2024     Updated FAQ information. This is an informational change only. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6387 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | openssh (CBL-Mariner) | Critical | Remote Code Execution | None | Base: 8,1 Temporal: 8,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Unknown | Unknown | None |
| CBL Mariner 2.0 x64 | openssh (CBL-Mariner) | Critical | Remote Code Execution | None | Base: 8,1 Temporal: 8,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Unknown | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-6387 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-38156
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Weakness: CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS: CVSS:3.1 Highest BaseScore:6,1/TemporalScore:5,3
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code. What is the version information for this release?
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. Mitigations: None Workarounds: None Revision: 1.0    17/07/2024     Information published. |
Moderate | Spoofing | ||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38156 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Spoofing | None | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
126.0.2592.102 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-38156 | Jun Kokatsu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6779
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6779 Out of bounds memory access in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6779 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6779 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6773
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6773 Type Confusion in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6773 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6773 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6772
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6772 Inappropriate implementation in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6772 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6772 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6775
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6775 Use after free in Media Stream
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6775 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6775 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6776
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6776 Use after free in Audio
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6776 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6776 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6778
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6778 Race in DevTools
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6778 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6778 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6777
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6777 Use after free in Navigation
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6777 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6777 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
| CVE-2024-6774
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-6774 Use after free in Screen Capture
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    18/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6774 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
126.0.2592.113 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-6774 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-45288
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    08/04/2024     Information published. 1.0    20/04/2024     Information published. 1.0    30/06/2024     Information published. 1.0    02/07/2024     Information published. 1.0    12/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45288 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | docker-buildx (CBL-Mariner) docker-compose (CBL-Mariner) ig (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
0.14.0-1 2.27.0-1 0.29.0-1 1.30.1-1 |
None | ||
| Azure Linux 3.0 x64 | docker-buildx (CBL-Mariner) docker-compose (CBL-Mariner) ig (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
0.14.0-1 2.27.0-1 0.29.0-1 1.30.1-1 |
None | ||
| CBL Mariner 2.0 ARM | blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
2.1.2-3 1.11.2-9 1.11.1-8 1.29.0-2 |
None | ||
| CBL Mariner 2.0 x64 | blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
2.1.2-3 1.11.2-9 1.11.1-8 1.29.0-2 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-45288 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2019-3816
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    02/04/2024     Information published. 1.0    30/06/2024     Information published. 1.0    02/07/2024     Information published. 1.0    03/07/2024     Information published. 1.0    04/07/2024     Information published. 1.0    05/07/2024     Information published. 1.0    06/07/2024     Information published. 1.0    08/07/2024     Information published. 1.0    09/07/2024     Information published. 1.0    10/07/2024     Information published. 1.0    12/07/2024     Information published. 1.0    13/07/2024     Information published. 1.0    14/07/2024     Information published. 1.0    15/07/2024     Information published. 1.0    16/07/2024     Information published. 1.0    17/07/2024     Information published. 1.0    19/07/2024     Information published. 1.0    20/07/2024     Information published. 1.0    21/07/2024     Information published. 1.0    22/07/2024     Information published. 1.0    23/07/2024     Information published. 1.0    24/07/2024     Information published. 1.0    25/07/2024     Information published. 1.0    26/07/2024     Information published. 1.0    27/07/2024     Information published. 1.0    28/07/2024     Information published. 1.0    29/07/2024     Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2019-3816 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown | Unknown | None | |
| Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown | Unknown | None | |
| CBL Mariner 2.0 ARM | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.6.8-13 | Unknown | None |
| CBL Mariner 2.0 x64 | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.6.8-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2019-3816 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-24786
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    08/03/2024     Information published. 2.0    01/04/2024     Added node-problem-detector to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    02/07/2024     Information published. 1.0    10/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-24786 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) docker-buildx (CBL-Mariner) docker-compose (CBL-Mariner) ig (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
10.24.0-1 0.14.0-1 2.27.0-1 0.29.0-1 |
None | ||
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) docker-buildx (CBL-Mariner) docker-compose (CBL-Mariner) ig (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
10.24.0-1 0.14.0-1 2.27.0-1 0.29.0-1 |
None | ||
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
10.24.0-1 3.2.0.azl2-1 0.59.0-18 |
None | ||
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
10.24.0-1 3.2.0.azl2-1 0.59.0-18 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-24786 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-5156
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    27/09/2023     Information published. 1.0    03/07/2024     Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5156 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.38-6 | Unknown | None |
| Azure Linux 3.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.38-6 | Unknown | None |
| CBL Mariner 2.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.35-6 | Unknown | None |
| CBL Mariner 2.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.35-6 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-5156 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-4911
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    03/10/2023     Information published. 1.0    03/07/2024     Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-4911 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.38-6 | Unknown | None |
| Azure Linux 3.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.38-6 | Unknown | None |
| CBL Mariner 2.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.35-5 | Unknown | None |
| CBL Mariner 2.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.35-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-4911 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2017-17522
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    18/08/2020     Information published. 1.0    30/06/2024     Information published. 1.0    08/07/2024     Information published. 1.0    09/07/2024     Information published. 1.0    10/07/2024     Information published. 1.0    12/07/2024     Information published. 1.0    13/07/2024     Information published. 1.0    14/07/2024     Information published. 1.0    15/07/2024     Information published. 1.0    16/07/2024     Information published. 1.0    17/07/2024     Information published. 1.0    19/07/2024     Information published. 1.0    20/07/2024     Information published. 1.0    21/07/2024     Information published. 1.0    22/07/2024     Information published. 1.0    23/07/2024     Information published. 1.0    24/07/2024     Information published. 1.0    25/07/2024     Information published. 1.0    26/07/2024     Information published. 1.0    27/07/2024     Information published. 1.0    28/07/2024     Information published. 1.0    29/07/2024     Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2017-17522 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.7.18-3 | Unknown | None |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.7.18-3 | Unknown | None |
| CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Unknown | Unknown | None | |
| CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2017-17522 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2007-4559
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    25/09/2020     Information published. 2.0    16/12/2021     Added python3 to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    08/07/2024     Information published. 1.0    09/07/2024     Information published. 1.0    10/07/2024     Information published. 1.0    12/07/2024     Information published. 1.0    13/07/2024     Information published. 1.0    14/07/2024     Information published. 1.0    15/07/2024     Information published. 1.0    16/07/2024     Information published. 1.0    17/07/2024     Information published. 1.0    19/07/2024     Information published. 1.0    20/07/2024     Information published. 1.0    21/07/2024     Information published. 1.0    22/07/2024     Information published. 1.0    23/07/2024     Information published. 1.0    24/07/2024     Information published. 1.0    25/07/2024     Information published. 1.0    26/07/2024     Information published. 1.0    27/07/2024     Information published. 1.0    28/07/2024     Information published. 1.0    29/07/2024     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2007-4559 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
| CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
| CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2007-4559 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2019-9674
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    18/08/2020     Information published. 1.0    30/06/2024     Information published. 1.0    08/07/2024     Information published. 1.0    09/07/2024     Information published. 1.0    10/07/2024     Information published. 1.0    12/07/2024     Information published. 1.0    13/07/2024     Information published. 1.0    14/07/2024     Information published. 1.0    15/07/2024     Information published. 1.0    16/07/2024     Information published. 1.0    17/07/2024     Information published. 1.0    19/07/2024     Information published. 1.0    20/07/2024     Information published. 1.0    21/07/2024     Information published. 1.0    22/07/2024     Information published. 1.0    23/07/2024     Information published. 1.0    24/07/2024     Information published. 1.0    25/07/2024     Information published. 1.0    26/07/2024     Information published. 1.0    27/07/2024     Information published. 1.0    28/07/2024     Information published. 1.0    29/07/2024     Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2019-9674 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.7.18-5 | Unknown | None |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.7.18-5 | Unknown | None |
| CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Unknown | Unknown | None | |
| CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2019-9674 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-23336 MITRE NVD Issuing CNA: report@snyk.io | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,9/TemporalScore:5,9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 27/02/2021 Information published. 1.0 30/06/2024 Information published. 1.0 08/07/2024 Information published. 1.0 09/07/2024 Information published. 1.0 10/07/2024 Information published. 1.0 12/07/2024 Information published. 1.0 13/07/2024 Information published. 1.0 14/07/2024 Information published. 1.0 15/07/2024 Information published. 1.0 16/07/2024 Information published. 1.0 17/07/2024 Information published. 1.0 19/07/2024 Information published. 1.0 20/07/2024 Information published. 1.0 21/07/2024 Information published. 1.0 22/07/2024 Information published. 1.0 23/07/2024 Information published. 1.0 24/07/2024 Information published. 1.0 25/07/2024 Information published. 1.0 26/07/2024 Information published. 1.0 27/07/2024 Information published. 1.0 28/07/2024 Information published. 1.0 29/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-23336 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) python3 (CBL-Mariner) | Unknown | Unknown | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H | 2.7.18-6 3.7.10-3 | None | | |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) python3 (CBL-Mariner) | Unknown | Unknown | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H | 2.7.18-6 3.7.10-3 | None | | |
| CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H | Unknown | Unknown | None | |
| CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H | Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2021-23336 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-3857 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-3857 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | tensorflow (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.16.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | tensorflow (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.16.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | libpng (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.6.39-1 | Unknown | None |
| CBL Mariner 2.0 x64 | libpng (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.6.39-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-3857 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20961 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20961 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20961 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20963 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20963 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20963 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20971 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,9/TemporalScore:4,9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20971 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20971 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20981 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,9/TemporalScore:4,9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20981 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20981 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28863 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28863 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 20.14.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 20.14.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | nodejs18 (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 18.20.3-1 | Unknown | None |
| CBL Mariner 2.0 x64 | nodejs18 (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 18.20.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-28863 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-3727 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,3/TemporalScore:8,3 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-3727 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) | Unknown | Unknown | Base: 8,3 Temporal: 8,3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.57.0-2 0.29.0-1 | None | | |
| Azure Linux 3.0 x64 | containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) | Unknown | Unknown | Base: 8,3 Temporal: 8,3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.57.0-2 0.29.0-1 | None | | |
| CBL Mariner 2.0 ARM | containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) skopeo (CBL-Mariner) | Unknown | Unknown | Base: 8,3 Temporal: 8,3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.55.0-19 1.22.3-4 1.14.2-5 | None | | |
| CBL Mariner 2.0 x64 | containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) skopeo (CBL-Mariner) | Unknown | Unknown | Base: 8,3 Temporal: 8,3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.55.0-19 1.22.3-4 1.14.2-5 | None | | |
| CVE ID | Acknowledgements |
| CVE-2024-3727 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31755 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,6/TemporalScore:7,6 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/05/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31755 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | apparmor (CBL-Mariner) | Unknown | Unknown | None | Base: 7,6 Temporal: 7,6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 3.0.4-4 | Unknown | None |
| CBL Mariner 2.0 x64 | apparmor (CBL-Mariner) | Unknown | Unknown | None | Base: 7,6 Temporal: 7,6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 3.0.4-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31755 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33601 MITRE NVD Issuing CNA: glibc-cna@sourceware.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07/05/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33601 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.35-7 | Unknown | None |
| CBL Mariner 2.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.35-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33601 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33602 MITRE NVD Issuing CNA: glibc-cna@sourceware.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,6/TemporalScore:8,6 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07/05/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33602 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.35-7 | Unknown | None |
| CBL Mariner 2.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.35-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33602 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29160 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29160 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29160 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29165 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29165 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29165 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29164 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29164 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29164 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32614 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32614 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32614 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32613 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32613 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32613 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32612 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32612 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32612 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32616 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32616 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32616 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32618 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32618 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32618 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33874 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33874 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33874 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32623 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32623 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32623 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-6121 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:4,3 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6121 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 4,3 Temporal: 4,3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 5.15.145.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 4,3 Temporal: 4,3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 5.15.145.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6121 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26984 MITRE NVD Issuing CNA: cve@kernel.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13/05/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26984 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.158.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.158.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26984 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-2976 MITRE NVD Issuing CNA: cve-coordination@google.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,1/TemporalScore:7,1 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-2976 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | javapackages-bootstrap (CBL-Mariner) guava (CBL-Mariner) |
Unknown | Unknown | Base: 7,1 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.5.0-5 25.0-8 |
None | ||
| CBL Mariner 2.0 x64 | guava (CBL-Mariner) javapackages-bootstrap (CBL-Mariner) |
Unknown | Unknown | Base: 7,1 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
25.0-8 1.5.0-5 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-2976 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-6817 MITRE NVD Issuing CNA: cve-coordination@google.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6817 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.145.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.145.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6817 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-52802 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-52802 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 5.15.158.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 5.15.158.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-52802 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26978 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26978 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26933 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26933 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26933 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-36481 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36481 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36481 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38664 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38664 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38664 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32487 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,6/TemporalScore:8,6 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 22/04/2024 Information published. 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32487 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | less (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 643-2 | Unknown | None |
| Azure Linux 3.0 x64 | less (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 643-2 | Unknown | None |
| CBL Mariner 2.0 ARM | less (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 590-4 | Unknown | None |
| CBL Mariner 2.0 x64 | less (CBL-Mariner) | Unknown | Unknown | None | Base: 8,6 Temporal: 8,6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 590-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32487 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-41862 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:3,7/TemporalScore:3,7 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-41862 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | postgresql (CBL-Mariner) | Unknown | Unknown | None | Base: 3,7 Temporal: 3,7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 14.11-1 | Unknown | None |
| CBL Mariner 2.0 x64 | postgresql (CBL-Mariner) | Unknown | Unknown | None | Base: 3,7 Temporal: 3,7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 14.11-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-41862 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31584 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 27/04/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31584 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | pytorch (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 2.0.0-5 | Unknown | None |
| CBL Mariner 2.0 x64 | pytorch (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 2.0.0-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31584 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-5535 MITRE NVD Issuing CNA: security@huntr.dev | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5535 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 9.0.2010-1 | Unknown | None |
| CBL Mariner 2.0 x64 | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 9.0.2010-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-5535 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37535 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,4/TemporalScore:4,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37535 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | vte291 (CBL-Mariner) | Unknown | Unknown | None | Base: 4,4 Temporal: 4,4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.66.2-3 | Unknown | None |
| CBL Mariner 2.0 x64 | vte291 (CBL-Mariner) | Unknown | Unknown | None | Base: 4,4 Temporal: 4,4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.66.2-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-37535 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-2929 MITRE NVD Issuing CNA: security-officer@isc.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-2929 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | dhcp (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.4.3.P1-1 | Unknown | None |
| Azure Linux 3.0 x64 | dhcp (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.4.3.P1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-2929 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-2928 MITRE NVD Issuing CNA: security-officer@isc.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-2928 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | dhcp (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.4.3.P1-1 | Unknown | None |
| Azure Linux 3.0 x64 | dhcp (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.4.3.P1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-2928 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31744 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30/06/2024 Information published. 1.0 12/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31744 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | jasper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.2.1-2 | Unknown | None |
| Azure Linux 3.0 x64 | jasper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.2.1-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31744 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-5363 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 31/10/2023 Information published. 1.0 13/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5363 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-1 18.20.2-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-1 18.20.2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-5363 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-6237 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 25/04/2024 Information published. 1.0 30/06/2024 Information published. 1.0 13/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6237 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
20.14.0-1 3.3.0-1 |
None | ||
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
20.14.0-1 3.3.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-6237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-4603 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/05/2024 Information published. 1.0 30/06/2024 Information published. 1.0 13/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-4603 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 20.14.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 20.14.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-4603 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-42282 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/02/2024 Information published. 1.0 30/06/2024 Information published. 1.0 13/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-42282 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 20.14.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 20.14.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | nodejs (CBL-Mariner) nodejs18 (CBL-Mariner) reaper (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
16.20.2-3 18.18.2-4 3.1.1-10 |
None | ||
| CBL Mariner 2.0 x64 | nodejs (CBL-Mariner) nodejs18 (CBL-Mariner) reaper (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
16.20.2-3 18.18.2-4 3.1.1-10 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-42282 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38472 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38472 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38472 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2017-15371 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2017-15371 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | sox (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 14.4.2.0-33 | Unknown | None |
| CBL Mariner 2.0 x64 | sox (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 14.4.2.0-33 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2017-15371 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-43565 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-43565 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | cf-cli (CBL-Mariner) cri-o (CBL-Mariner) moby-buildx (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.4.0-18 1.22.3-5 0.7.1-20 |
None | ||
| CBL Mariner 2.0 x64 | cf-cli (CBL-Mariner) cri-o (CBL-Mariner) moby-buildx (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.4.0-18 1.22.3-5 0.7.1-20 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2021-43565 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2017-15370 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2017-15370 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | sox (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 14.4.2.0-33 | Unknown | None |
| CBL Mariner 2.0 x64 | sox (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 14.4.2.0-33 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2017-15370 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2015-7747 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2015-7747 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | audiofile (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.3.6-27 | Unknown | None |
| Azure Linux 3.0 x64 | audiofile (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.3.6-27 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2015-7747 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27823 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27823 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27823 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27814 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27814 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27814 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27824 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27824 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27824 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27841 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27841 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27841 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27843 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27843 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27843 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27845 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27845 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27845 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-8597 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-8597 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | ppp (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.4.7-36 | Unknown | None |
| Azure Linux 3.0 x64 | ppp (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.4.7-36 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-8597 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-8112 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-8112 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-8112 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-3651 MITRE NVD Issuing CNA: security@huntr.dev | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 26/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-3651 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | python-idna (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.7-1 | Unknown | None |
| CBL Mariner 2.0 x64 | python-idna (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.7-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-3651 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-20907 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18/08/2020 Information published. 1.0 30/06/2024 Information published. 1.0 08/07/2024 Information published. 1.0 09/07/2024 Information published. 1.0 10/07/2024 Information published. 1.0 12/07/2024 Information published. 1.0 13/07/2024 Information published. 1.0 14/07/2024 Information published. 1.0 15/07/2024 Information published. 1.0 16/07/2024 Information published. 1.0 17/07/2024 Information published. 1.0 19/07/2024 Information published. 1.0 20/07/2024 Information published. 1.0 21/07/2024 Information published. 1.0 22/07/2024 Information published. 1.0 23/07/2024 Information published. 1.0 24/07/2024 Information published. 1.0 25/07/2024 Information published. 1.0 26/07/2024 Information published. 1.0 27/07/2024 Information published. 1.0 28/07/2024 Information published. 1.0 29/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2019-20907 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 3.7.10-3 |
None | ||
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 3.7.10-3 |
None | ||
| CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2019-20907 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2017-18207 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18/08/2020 Information published. 1.0 30/06/2024 Information published. 1.0 08/07/2024 Information published. 1.0 09/07/2024 Information published. 1.0 10/07/2024 Information published. 1.0 12/07/2024 Information published. 1.0 13/07/2024 Information published. 1.0 14/07/2024 Information published. 1.0 15/07/2024 Information published. 1.0 16/07/2024 Information published. 1.0 17/07/2024 Information published. 1.0 19/07/2024 Information published. 1.0 20/07/2024 Information published. 1.0 21/07/2024 Information published. 1.0 22/07/2024 Information published. 1.0 23/07/2024 Information published. 1.0 24/07/2024 Information published. 1.0 25/07/2024 Information published. 1.0 26/07/2024 Information published. 1.0 27/07/2024 Information published. 1.0 28/07/2024 Information published. 1.0 29/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2017-18207 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.7.18-5 | Unknown | None |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.7.18-5 | Unknown | None |
| CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2017-18207 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-4039 MITRE NVD Issuing CNA: arm-security@arm.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,8/TemporalScore:4,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15/09/2023 Information published. 1.0 03/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-4039 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | gcc (CBL-Mariner) | Unknown | Unknown | None | Base: 4,8 Temporal: 4,8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 13.2.0-7 | Unknown | None |
| Azure Linux 3.0 x64 | gcc (CBL-Mariner) | Unknown | Unknown | None | Base: 4,8 Temporal: 4,8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 13.2.0-7 | Unknown | None |
| CBL Mariner 2.0 ARM | gcc (CBL-Mariner) | Unknown | Unknown | None | Base: 4,8 Temporal: 4,8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 11.2.0-6 | Unknown | None |
| CBL Mariner 2.0 x64 | gcc (CBL-Mariner) | Unknown | Unknown | None | Base: 4,8 Temporal: 4,8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 11.2.0-6 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-4039 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-3833 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 02/04/2024 Information published. 1.0 30/06/2024 Information published. 1.0 08/07/2024 Information published. 1.0 09/07/2024 Information published. 1.0 10/07/2024 Information published. 1.0 12/07/2024 Information published. 1.0 13/07/2024 Information published. 1.0 14/07/2024 Information published. 1.0 15/07/2024 Information published. 1.0 16/07/2024 Information published. 1.0 17/07/2024 Information published. 1.0 19/07/2024 Information published. 1.0 20/07/2024 Information published. 1.0 21/07/2024 Information published. 1.0 22/07/2024 Information published. 1.0 23/07/2024 Information published. 1.0 24/07/2024 Information published. 1.0 25/07/2024 Information published. 1.0 26/07/2024 Information published. 1.0 27/07/2024 Information published. 1.0 28/07/2024 Information published. 1.0 29/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2019-3833 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
| CBL Mariner 2.0 ARM | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.6.8-13 | Unknown | None |
| CBL Mariner 2.0 x64 | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.6.8-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2019-3833 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-33454 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33454 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | yasm (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.3.0-15 | Unknown | None |
| CBL Mariner 2.0 x64 | yasm (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.3.0-15 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-33454 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-3978 MITRE NVD Issuing CNA: security@golang.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,1/TemporalScore:6,1 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08/08/2023 Information published. 2.0 18/01/2024 Added packer to CBL-Mariner 2.0 1.0 30/06/2024 Information published. 1.0 10/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-3978 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kubevirt (CBL-Mariner) telegraf (CBL-Mariner) |
Unknown | Unknown | Base: 6,1 Temporal: 6,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.2.0-1 1.29.4-1 |
None | ||
| Azure Linux 3.0 x64 | kubevirt (CBL-Mariner) telegraf (CBL-Mariner) |
Unknown | Unknown | Base: 6,1 Temporal: 6,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.2.0-1 1.29.4-1 |
None | ||
| CBL Mariner 2.0 ARM | packer (CBL-Mariner) telegraf (CBL-Mariner) vitess (CBL-Mariner) |
Unknown | Unknown | Base: 6,1 Temporal: 6,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.10.1-1 1.27.4-1 17.0.7-1 |
None | ||
| CBL Mariner 2.0 x64 | packer (CBL-Mariner) telegraf (CBL-Mariner) vitess (CBL-Mariner) |
Unknown | Unknown | Base: 6,1 Temporal: 6,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.10.1-1 1.27.4-1 17.0.7-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-3978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-1298 MITRE NVD Issuing CNA: infosec@edk2.groups.io | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6/TemporalScore:6 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    05/06/2024     Information published. 1.0    30/06/2024     Information published. 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1298 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | edk2 (CBL-Mariner) hvloader (CBL-Mariner) | Unknown | Unknown | Base: 6 Temporal: 6 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 20230301gitf80f052277c8-39 1.0.1-3 | None | | |
| CBL Mariner 2.0 x64 | edk2 (CBL-Mariner) hvloader (CBL-Mariner) | Unknown | Unknown | Base: 6 Temporal: 6 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 20230301gitf80f052277c8-39 1.0.1-3 | None | | |
| CVE ID | Acknowledgements |
| CVE-2024-1298 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20965 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,9/TemporalScore:4,9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20965 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4,9 Temporal: 4,9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20965 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20967 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20967 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20967 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20969 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20969 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20969 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20977 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20977 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20977 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20973 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20973 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20973 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20985 MITRE NVD Issuing CNA: secalert_us@oracle.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20985 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 8.0.36-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20985 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28182 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,3/TemporalScore:5,3 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    30/06/2024     Information published. 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28182 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 20.14.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) | Unknown | Unknown | None | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 20.14.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | nodejs18 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 18.20.3-1 | Unknown | None |
| CBL Mariner 2.0 x64 | nodejs18 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 18.20.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-28182 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-5742 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,7/TemporalScore:4,7 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5742 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | nano (CBL-Mariner) | Unknown | Unknown | None | Base: 4,7 Temporal: 4,7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.0-3 | Unknown | None |
| CBL Mariner 2.0 x64 | nano (CBL-Mariner) | Unknown | Unknown | None | Base: 4,7 Temporal: 4,7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.0-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-5742 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37891 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,4/TemporalScore:4,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    10/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37891 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | python-urllib3 (CBL-Mariner) | Unknown | Unknown | None | Base: 4,4 Temporal: 4,4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.26.19-1 | Unknown | None |
| CBL Mariner 2.0 x64 | python-urllib3 (CBL-Mariner) | Unknown | Unknown | None | Base: 4,4 Temporal: 4,4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.26.19-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-37891 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-39325 MITRE NVD Issuing CNA: security@golang.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    23/10/2023     Information published. 2.0    24/10/2023     Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 2.0    28/10/2023     Added coredns to CBL-Mariner 2.0 4.0    18/01/2024     Added packer to CBL-Mariner 2.0 5.0    02/02/2024     Added kata-containers-cc to CBL-Mariner 2.0 6.0    07/03/2024     Added kata-containers to CBL-Mariner 2.0 5.0    20/04/2024     Added git-lfs to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-39325 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | etcd (CBL-Mariner) moby-containerd-cc (CBL-Mariner) telegraf (CBL-Mariner) | Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.5.12-1 1.7.7-3 1.29.4-1 | None | | |
| Azure Linux 3.0 x64 | etcd (CBL-Mariner) moby-containerd-cc (CBL-Mariner) telegraf (CBL-Mariner) | Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.5.12-1 1.7.7-3 1.29.4-1 | None | | |
| CBL Mariner 2.0 ARM | blobfuse2 (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) etcd (CBL-Mariner) | Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.1.1-1 1.11.1-2 1.29.0-2 3.5.12-1 | None | | |
| CBL Mariner 2.0 x64 | blobfuse2 (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) etcd (CBL-Mariner) | Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.1.1-1 1.11.1-2 1.29.0-2 3.5.12-1 | None | | |
| CVE ID | Acknowledgements |
| CVE-2023-39325 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-34250 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,2/TemporalScore:6,2 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    13/05/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-34250 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 6,2 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2.3-1 | Unknown | None |
| CBL Mariner 2.0 x64 | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 6,2 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-34250 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29158 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29158 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29158 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29162 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29162 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29162 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29163 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29163 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29163 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32605 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32605 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32605 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32615 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32615 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32615 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32620 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32620 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32620 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32619 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:7,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32619 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,4 Temporal: 7,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32619 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33877 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/05/2024     Information published. 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33877 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33877 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-3847 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-3847 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-3847 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26913 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26913 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26913 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-36477 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36477 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36477 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-39291 MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39291 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39291 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-2455 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,4/TemporalScore:5,4 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-2455 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | postgresql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,4 Temporal: 5,4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 14.11-1 | Unknown | None |
| CBL Mariner 2.0 x64 | postgresql (CBL-Mariner) | Unknown | Unknown | None | Base: 5,4 Temporal: 5,4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 14.11-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-2455 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31583 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    22/04/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31583 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | pytorch (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.0.0-4 | Unknown | None |
| CBL Mariner 2.0 x64 | pytorch (CBL-Mariner) | Unknown | Unknown | None | Base: 7,8 Temporal: 7,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.0.0-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31583 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-0464 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    27/03/2023     Information published. 2.0    24/04/2023     Added nodejs18 to CBL-Mariner 2.0 3.0    11/10/2023     Added edk2 to CBL-Mariner 2.0 4.0    06/04/2024     Added hvloader to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-0464 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | edk2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 20230301gitf80f052277c8-37 | Unknown | None |
| Azure Linux 3.0 x64 | edk2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 20230301gitf80f052277c8-37 | Unknown | None |
| CBL Mariner 1.0 ARM | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.1.1k-15 | Unknown | None |
| CBL Mariner 1.0 x64 | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.1.1k-15 | Unknown | None |
| CBL Mariner 2.0 ARM | edk2 (CBL-Mariner) hvloader (CBL-Mariner) nodejs18 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
20230301gitf80f052277c8-34 1.0.1-3 18.17.1-2 1.1.1k-22 |
None | ||
| CBL Mariner 2.0 x64 | edk2 (CBL-Mariner) hvloader (CBL-Mariner) nodejs18 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
20230301gitf80f052277c8-34 1.0.1-3 18.17.1-2 1.1.1k-22 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-0464 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-22742 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,9/TemporalScore:5,9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-22742 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | libgit2 (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
1.4.5-1 1.72.0-2 |
None | ||
| CBL Mariner 2.0 x64 | libgit2 (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 5,9 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
1.4.5-1 1.72.0-2 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-22742 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29161 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29161 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29161 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33873 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:8,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    30/06/2024     Information published. 1.0    12/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33873 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 8,8 Temporal: 8,8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.14.4.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33873 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2018-25032 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    31/03/2022     Information published. 2.0    17/09/2022     Added mariadb to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 3.0    17/04/2023     Added tcl to CBL-Mariner 1.0 4.0    18/04/2023     Added boost to CBL-Mariner 2.0 5.0    19/04/2023     Added nmap to CBL-Mariner 2.0 Added tcl to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2018-25032 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) grpc (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.28.2-1 1.62.0-2 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) grpc (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.28.2-1 1.62.0-2 |
None | ||
| CBL Mariner 1.0 ARM | boost (CBL-Mariner) erlang (CBL-Mariner) mariadb (CBL-Mariner) nmap (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.66.0-4 24.2-2 10.3.36-1 7.90-4 |
None | ||
| CBL Mariner 1.0 x64 | boost (CBL-Mariner) erlang (CBL-Mariner) mariadb (CBL-Mariner) nmap (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.66.0-4 24.2-2 10.3.36-1 7.90-4 |
None | ||
| CBL Mariner 2.0 ARM | boost (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) nmap (CBL-Mariner) qt5-qtbase (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.76.0-3 38.0.72.2-1 7.93-1 5.15.9-1 |
None | ||
| CBL Mariner 2.0 x64 | boost (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) nmap (CBL-Mariner) qt5-qtbase (CBL-Mariner) |
Unknown | Unknown | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.76.0-3 38.0.72.2-1 7.93-1 5.15.9-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2018-25032 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-45853 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:9,8 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    16/10/2023     Information published. 2.0    17/10/2023     Added tcl to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45853 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | keras (CBL-Mariner) rust (CBL-Mariner) tcl (CBL-Mariner) zlib (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.1.1-1 1.75.0-1 8.6.13-3 1.3.1-1 |
None | ||
| Azure Linux 3.0 x64 | keras (CBL-Mariner) rust (CBL-Mariner) tcl (CBL-Mariner) zlib (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.1.1-1 1.75.0-1 8.6.13-3 1.3.1-1 |
None | ||
| CBL Mariner 2.0 ARM | boost (CBL-Mariner) cloud-hypervisor (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.76.0-4 32.0-2 38.0.72.2-1 1.72.0-5 |
None | ||
| CBL Mariner 2.0 x64 | boost (CBL-Mariner) cloud-hypervisor (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 9,8 Temporal: 9,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.76.0-4 32.0-2 38.0.72.2-1 1.72.0-5 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-45853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-5678 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,3/TemporalScore:5,3 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    13/11/2023     Information published. 2.0    07/03/2024     Added kata-containers to CBL-Mariner 2.0 3.0    06/04/2024     Added hvloader to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5678 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kata-containers-cc (CBL-Mariner) edk2 (CBL-Mariner) kata-containers (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.2.0.azl1-1 20240223gitedc6681206c1-1 20.14.0-1 |
None | ||
| Azure Linux 3.0 x64 | edk2 (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
20240223gitedc6681206c1-1 3.2.0.azl1-1 20.14.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
38.0.72.2-1 1.0.1-3 3.2.0.azl1-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 5,3 Temporal: 5,3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
38.0.72.2-1 1.0.1-3 3.2.0.azl1-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-5678 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-6129 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    16/01/2024     Information published. 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6129 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
20.14.0-1 3.3.0-1 |
None | ||
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
20.14.0-1 3.3.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
38.0.72.2-1 18.20.2-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
38.0.72.2-1 18.20.2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-6129 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-2511 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    15/04/2024     Information published. 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2511 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
20.14.0-1 3.3.0-1 |
None | ||
| Azure Linux 3.0 x64 | nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
20.14.0-1 3.3.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 1.1.1k-30 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
38.0.72.2-1 18.20.2-1 1.1.1k-30 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-2511 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-0727 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    29/01/2024     Information published. 2.0    07/03/2024     Added kata-containers to CBL-Mariner 2.0 3.0    06/04/2024     Added hvloader to CBL-Mariner 2.0 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-0727 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kata-containers-cc (CBL-Mariner) kata-containers (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
3.2.0.azl1-1 20.14.0-1 3.3.0-1 |
None | ||
| Azure Linux 3.0 x64 | kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
3.2.0.azl1-1 20.14.0-1 3.3.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
38.0.72.2-1 1.0.1-3 3.2.0.azl1-1 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
38.0.72.2-1 1.0.1-3 3.2.0.azl1-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-0727 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-27478 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:6,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    30/06/2024     Information published. 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-27478 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libmemcached-awesome (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 1.1.4-1 | Unknown | None |
| Azure Linux 3.0 x64 | libmemcached-awesome (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 1.1.4-1 | Unknown | None |
| CBL Mariner 2.0 ARM | libmemcached-awesome (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 1.1.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | libmemcached-awesome (CBL-Mariner) | Unknown | Unknown | None | Base: 6,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 1.1.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-27478 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2017-18214 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2017-18214 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.1.1-10 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.1.1-10 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2017-18214 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37890 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    13/07/2024     Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37890 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.1.1-10 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.1.1-10 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-37890 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-36387 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36387 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36387 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38473 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38473 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38473 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-39884 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39884 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39884 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29038 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:4,3 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29038 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | tpm2-tools (CBL-Mariner) | Unknown | Unknown | None | Base: 4,3 Temporal: 4,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | 4.3.2-2 | Unknown | None |
| CBL Mariner 2.0 x64 | tpm2-tools (CBL-Mariner) | Unknown | Unknown | None | Base: 4,3 Temporal: 4,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | 4.3.2-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29038 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-29039 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9/TemporalScore:9 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29039 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | tpm2-tools (CBL-Mariner) | Unknown | Unknown | None | Base: 9 Temporal: 9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 4.3.2-2 | Unknown | None |
| CBL Mariner 2.0 x64 | tpm2-tools (CBL-Mariner) | Unknown | Unknown | None | Base: 9 Temporal: 9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 4.3.2-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29039 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-37298 MITRE NVD Issuing CNA: security-advisories@github.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-37298 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | telegraf (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.29.4-7 | Unknown | None |
| CBL Mariner 2.0 x64 | telegraf (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.29.4-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-37298 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-15503 MITRE NVD Issuing CNA: cve@mitre.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:7,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-15503 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | LibRaw (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.19.5-5 | Unknown | None |
| Azure Linux 3.0 x64 | LibRaw (CBL-Mariner) | Unknown | Unknown | None | Base: 7,5 Temporal: 7,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.19.5-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-15503 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27842 MITRE NVD Issuing CNA: secalert@redhat.com | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:5,5 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27842 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| Azure Linux 3.0 x64 | openjpeg2 (CBL-Mariner) | Unknown | Unknown | None | Base: 5,5 Temporal: 5,5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.3.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27842 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-40725 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 26/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-40725 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.62-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.62-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-40725 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-40898 MITRE NVD Issuing CNA: security@apache.org | CVE Title: Unknown Weakness: N/A CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 26/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-40898 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.62-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | 2.4.62-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-40898 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-5535 MITRE NVD Issuing CNA: openssl-security@openssl.org | CVE Title: Unknown Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:9,1/TemporalScore:9,1 Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 26/07/2024 Information published. | Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5535 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9,1 Temporal: 9,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 1.1.1k-33 | Unknown | None |
| CBL Mariner 2.0 x64 | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9,1 Temporal: 9,1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 1.1.1k-33 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-5535 | None |